Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-10399

Unchecked string access in parseNs may yield garbage collection name for commands without collections

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major - P3
    • Resolution: Fixed
    • None
    • 2.5.2
    • None
    • None
    • ALL

    Description

      parseNs (and parseNsFullyQualified) expect that the cmdObj provided will have a leading String valued field containing a collection name, so use the unchecked valuestr() method on BSONElement to obtain that value:

      https://github.com/mongodb/mongo/blob/51af8d67570b33fa5d5b4d36b18215535d38dd85/src/mongo/db/commands.cpp#L67

      However, some commands (like a database drop) do not have a collection name.

      The auditing code in this file attempts to use these methods to format audit trail events for all commands. When it does so for commands that have no collection, the result is a collection name formed from whatever data is pointed to by the first element in the cmdObj, interpreted as a C string.

      Attachments

        Issue Links

          related to

          Bug - A problem which impairs or prevents the functions of the product. SERVER-16072 Improve namespace construction in commands

          • Major - P3 - Major loss of function.
          • Closed

          Activity

            People

              andrew.morrow@mongodb.com Andrew Morrow (Inactive)
              andrew.morrow@mongodb.com Andrew Morrow (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: